mozilla / mozilla-django-oidc

A django OpenID Connect library
https://mozilla-django-oidc.readthedocs.io
Mozilla Public License 2.0

setup with okta #289

Closed phamj88 closed 5 years ago

phamj88 commented 5 years ago

Hi All,

I am getting an exception whenever I authenticate and get redirected back to /oidc/callback:

django.core.exceptions.SuspiciousOperation: The provider algorithm 'RS256' does not match the client's OIDC_RP_SIGN_ALGO.

Reading the Okta documentation, it says the default is 'HS256', so I don't know why it is saying RS256. But it's not obvious on the Okta app, which has no settings for what type of signing algorithm it uses. https://developer.okta.com/docs/api/resources/oidc#token-authentication-methods

On my Okta app I can see the OIDC access token is granted. My setup is exactly like everything default in the installation guide.

Okta app:

 Login redirect URIs: http://localhost:8000/oidc/callback/
 Initiate login URI: http://localhost:8000/oidc/callback/

settings.py vars for endpoints:

 OIDC_OP_AUTHORIZATION_ENDPOINT = 'https://myaccount.oktapreview.com/oauth2/v1/authorize'
 OIDC_OP_TOKEN_ENDPOINT = 'https://myaccount.oktapreview.com/oauth2/v1/token'
 OIDC_OP_USER_ENDPOINT = 'https://myaccount.oktapreview.com/oauth2/v1/userinfo'

Anyone familiar with Okta or run into this issue yet?

Thanks!

phamj88 commented 5 years ago

Duh. Changed OIDC_RP_SIGN_ALGO to RS256. I think I'm getting further. Is OIDC_OP_JWKS_ENDPOINT the /keys URI? https://developer.okta.com/docs/api/resources/oidc#keys

Now I am getting:

failed to get or create user: Claims verification failed

RubenGarcia commented 5 years ago

I'm getting the same issue "failed to get or create user: Claims verification failed". phamj88, can you point to the solution?
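
The algorithm mismatch reported at the top of this thread can be diagnosed by reading the ID token's JOSE header and comparing its `alg` with the value the relying party pins. The following is an added example, not code from this thread or from mozilla-django-oidc. The helper names, the sample token and the `idp.example` URL are hypothetical; only the two setting names come from the thread.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def jose_header(id_token: str) -> dict:
    """Return the unverified JOSE header of a compact-serialized JWT."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    return header


def check_sign_algo(id_token: str, settings: dict) -> list:
    """Compare the token's alg with the relying party's pinned settings."""
    problems = []
    token_alg = jose_header(id_token).get("alg")
    # HS256 is the library default when OIDC_RP_SIGN_ALGO is not set.
    pinned = settings.get("OIDC_RP_SIGN_ALGO", "HS256")
    if token_alg != pinned:
        # The client pins the algorithm so the token header cannot choose it.
        problems.append(f"provider signs with {token_alg!r}, client pins {pinned!r}")
    if str(token_alg).startswith("RS") and not settings.get("OIDC_OP_JWKS_ENDPOINT"):
        problems.append("RS* tokens need the provider's public keys (OIDC_OP_JWKS_ENDPOINT)")
    return problems


def make_sample_token(alg: str) -> str:
    # Constructed sample: fake header, payload and signature, for the demo only.
    header = b64url_encode(json.dumps({"alg": alg, "kid": "sample-kid"}).encode())
    payload = b64url_encode(json.dumps({"sub": "00u-sample"}).encode())
    return f"{header}.{payload}.{b64url_encode(b'not-a-real-signature')}"


if __name__ == "__main__":
    rs256 = {"OIDC_RP_SIGN_ALGO": "RS256"}
    with_keys = dict(rs256, OIDC_OP_JWKS_ENDPOINT="https://idp.example/keys")
    for cfg in ({}, rs256, with_keys):
        print(cfg, "->", check_sign_algo(make_sample_token("RS256"), cfg) or "ok")
```

The header is read without verifying the signature, so this is a configuration check only and never a substitute for the library's own token validation.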